Is your small business a ‘soft target’ for hackers?

While it may be the big-business attacks that hit the headlines, due to the vast amounts of data being compromised, smaller businesses provide cyber criminals scope to make an easy buck.

“Small businesses don’t typically think it will happen to them,” said MYOB’s Head of Information and Cybersecurity, Christie Lim. “They see cyber attacks in the news, but they’re usually related to data breaches of big businesses like Sony, Target or eBay.”

The focus on the big breaches in the news which leads smaller businesses to think that they’re safe from hackers.

But Lim said smaller businesses’ inattention to cybersecurity, combined with enterprises’ increased cybersecurity, has led to criminals switching targets.

“‘Lazy criminals’ look for easy targets. They get in quick, get some money and they get out,” she said.

“It’s the same mindset that may lead a thief to rob a house instead of a bank. The prize may not be as big, but it’s easier to get.”

The risk/reward scenario has shifted for cyber criminals – and small businesses are increasingly in the crosshairs.

Typical attacks

Lim said the most common form of attack against a small business was a phishing attack via email. Phishing attacks are designed to get you to give away your password or credit card information.

For example, you may get an official-looking email saying your password has expired and you need to reset it.

You’re then directed to a fake page to re-set your password. Part of the process includes inputting your current password, which means you unknowingly hand over your password to hackers.

But Lim says phishing has taken on a new dimension over the past few years.

“Phishing attacks now come with nasty malware such as ransomware,” said Lim. “In the past the emails would have been designed to ask for personal information

“Nowadays cybercriminals have moved on to ransomware, which is designed to lock your personal files within your system. They then ask for a lump sum of money ranging from 500USD to 5000USD.”

“Security professionals have come to terms with the fact that an incident isn’t a matter of if, but when,” said Lim.

“I like to think cybercriminals are no different to criminals we deal with day in day out. If your house doesn’t have a security camera, but your neighbours’ houses do – then you’re the soft target in your neighbourhood.

“It’s very easy for the hackers to do a general network scan, and then identify which company has very few security controls. Metaphorically speaking, this is like leaving their front door wide open.”